Attackers finally get around to exploiting critical Microsoft bug from 2024
As if admins haven't had enough to do this week
Patches13 Feb 2026 |
Cybersecurity and Infrastructure Security Agency
CISA orders federal agencies to rip out EOL edge kit before cybercrooks move in
A year to replace end-of-support firewalls, routers, and VPN gateways
Networks06 Feb 2026 | 6
Critical SolarWinds Web Help Desk bug under attack
US agencies told to patch by Friday
Patches04 Feb 2026 | 4
CISA updated ransomware intel on 59 bugs last year without telling defenders
GreyNoise's Glenn Thorpe counts the cost of missed opportunities
CSO03 Feb 2026 | 4
Maybe CISA should take its own advice about insider threats hmmm?
opinion The call is coming from inside the house
Security29 Jan 2026 | 6
Feds totally skipping infosec industry's biggest conference this year
updated But ex-CISA boss and new RSAC CEO Jen Easterly will be there
Security24 Jan 2026 | 7
BROADER TOPICS
Federal agencies told to fix or ditch Gogs as exploited zero-day lands on CISA hit list
Git server flaw that attackers have been abusing for months has now caught the attention of US cyber cops
Security13 Jan 2026 | 2
CISA flags actively exploited Office relic alongside fresh HPE flaw
Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago
Cyber-crime08 Jan 2026 | 6
Honeypots can help defenders, or damn them if implemented badly
Infosec In Brief PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more
Security14 Dec 2025 | 3
US extradites Ukrainian woman accused of hacking meat processing plant for Russia
The digital intrusion allegedly caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility
Cyber-crime10 Dec 2025 | 23
PRC spies Brickstormed their way into critical US networks and remained hidden for years
'Dozens' of US orgs infected
Cyber-crime04 Dec 2025 | 3
CISA warns spyware crews are breaking into Signal and WhatsApp accounts
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users
Cyber-crime25 Nov 2025 | 34
Ex-CISA officials, CISOs dispel 'hacklore,' spread cybersecurity truths
Don't believe everything you read
Security24 Nov 2025 | 19
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix
CSO24 Nov 2025 |
Weaponized file name flaw makes updating glob an urgent job
Infosec In Brief PLUS: CISA issues drone warning; China-linked DNS-hijacking malware; Prison for BTC Samourai; And more
Security23 Nov 2025 | 10
Fortinet 'fesses up to second 0-day within a week
Attackers may be joining the dots to enable unauthenticated RCE
Security19 Nov 2025 | 4
CISA flags imminent threat as Akira ransomware starts hitting Nutanix AHV
Advisory updated as leading cybercrime crew opens up its target pool
Cyber-crime14 Nov 2025 | 2
Louvre's pathetic passwords belong in a museum, just not that one
Infosec in brief PLUS: CISA layoffs continue; Lawmakers criticize camera security; China to execute scammers; And more
Security09 Nov 2025 | 24
Ex-CISA head thinks AI might fix code so fast we won't need security teams
Jen Easterly says most breaches stem from bad software, and smarter tech could finally clean it up
Cyber-crime27 Oct 2025 | 65
CISA exec blames nation-state hackers and Democrats for putting America's critical systems at risk
Federal agencies have seven days to patch F5 products
Cybersecurity Month15 Oct 2025 | 19
CISA cuts more staff and reassigns others as government stays shut down
America's main cybersecurity agency has lost almost 1,000 people this year
Public Sector14 Oct 2025 | 6
Warnings about Cisco vulns under active exploit are falling on deaf ears
50,000 firewall devices still exposed
Patches30 Sep 2025 | 22
Feds cut funding to program that shared cyber threat info with local governments
The federal government's not the only thing shutting down on Oct. 1
Public Sector30 Sep 2025 | 7
Dutch teen duo arrested over alleged 'Wi-Fi sniffing' for Russia
Infosec In Brief PLUS: Interpol recoups $439M from crims; CISA criticizes Feds security; FIFA World Cup nets dodgy domain deluge
Security29 Sep 2025 | 6
Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign
Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week
Research27 Sep 2025 | 14
UK and US security agencies order urgent fixes as Cisco firewall bugs exploited in wild
CISA gives feds 24 hours to patch, NCSC urges rapid action as flaws linked to ArcaneDoor spies
Patches26 Sep 2025 | 14
Ivanti EPMM holes let miscreants plant shady listeners, CISA says
Unnamed org compromised with two malware sets
Cyber-crime19 Sep 2025 |
CISA program gave out $20k+ payments to unqualified employees, auditor says
The OIG says the Cyber Incentive program was rife with 'fraud, waste, and abuse'
Cybersecurity Month12 Sep 2025 | 1
All your vulns are belong to us! CISA wants to maintain gov control of CVE program
Get ready for a fight over who steers the global standard for vulnerability identification
Cybersecurity Month12 Sep 2025 | 9
CISA sounds alarm over TP-Link wireless routers under attack
Infosec in brief Plus: Google clears up Gmail concerns, NSA drops SBOM bomb, Texas sues PowerSchool, and more
Security08 Sep 2025 | 13
Attackers snooping around Sitecore, dropping malware via public sample keys
You cut and pasted the machine key from the official documentation? Ouch
Security04 Sep 2025 | 3
Election workers fear threats and intimidation without feds' support in 2026
Feature 'Hope for the best, but prepare for the worst,' one tells The Reg
Security16 Aug 2025 | 113
Lock down your critical infrastructure, CISA begs admins
The agency offered some tips for operational technology environments, where attacks are rising
Security14 Aug 2025 | 6
CISA roasts unnamed critical national infrastructure body for shoddy security hygiene
Plaintext passwords, shared admin accounts, and insufficient logging rampant at mystery org
Security02 Aug 2025 | 17
Ex-CISA chief slams MAGA 'manufactured outrage' after sudden West Point firing
comment US Army Sec appears to fold under pressure from far-right conspiracy theorist
Public Sector31 Jul 2025 | 36
CISA caves to Wyden, agrees to release US telco insecurity report - but won’t say when
The security nerds' equivalent of the Epstein files saga
Security29 Jul 2025 | 3
FBI: Watch out for these signs Scattered Spider is spinning its web around your org
New malware, even better social engineering chops
Cyber-crime29 Jul 2025 | 11
Funding for program to stop next Stuxnet from hitting US expired Sunday
CyberSentry work grinds to a halt
Security22 Jul 2025 | 7
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
Updated Add CISA to the list
Patches10 Jul 2025 | 3
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now
Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors'
Patches02 Jul 2025 | 7
Dems demand audit of CVE program as Federal funding remains uncertain
Infosec In Brief PLUS: Discord invite links may not be safe; Miscreants find new way to hide malicious JavaScript; and more!
Security15 Jun 2025 | 5
Ransomware scum disrupted utility services with SimpleHelp attacks
Good news: The vendor patched the flaw in January. Bad news: Not everyone got the memo
Cyber-crime12 Jun 2025 | 1
CISA loses another senior exec - and the budget cuts haven't even started yet
Another one bites the dust at America's top cybersecurity agency
Public Sector12 Jun 2025 | 4
US infrastructure could crumble under cyberattack, ex-NSA advisor warns
Infosec in Brief PLUS: Doxxers jailed; Botnets bounce back; CISA questioned over app-vetting program closure; And more
Security08 Jun 2025 | 7
Trump’s cyber czar pick grilled over CISA cuts: ‘If we have a cyber 9/11, you’re the guy’
Plus: Plankey's confirmation process 'temporarily delayed'
Security05 Jun 2025 | 7
Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data
Infosec In Brief PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more!
Security02 Jun 2025 | 3
Why is China deep in US networks? 'They're preparing for war,' HR McMaster tells lawmakers
House Homeland Security Committee takes a field trip to Silicon Valley
Cyber-crime29 May 2025 | 43
Ex-CISA employee: 'This culture of fear started permeating the agency'
Interview 'Everyone's holding their breath'
Public Sector28 May 2025 | 10
Cybercrime is 'orders of magnitude' larger than state-backed ops, says ex-White House advisor
INTERVIEW Michael Daniel also thinks Uncle Sam should increase help to orgs hit by ransomware
Cyber-crime24 May 2025 | 26
CISA says SaaS providers in firing line after Commvault zero-day Azure attack
Cyberbaddies are coming for your M365 creds, US infosec agency warns
Security23 May 2025 | 2
CISA has a new No. 2 ... but still no official top dog
Brain drain, budget cuts, constant cyberthreats - who wouldn't want this job?
Security19 May 2025 | 5
'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart
CYBERUK Both agencies seem unbothered despite tech world's clear concerns for US infoseccers
Security13 May 2025 | 6
CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email
Updated Cripes, we were only joking when we called Elon's social network the new state media
Security12 May 2025 | 67
CISA slammed for role in 'censorship industrial complex' as budget faces possible $500M cut
Because who needs cybersecurity when there’s culture wars to win
Public Sector06 May 2025 | 34
Ex-CISA chief decries cuts as Trump demands loyalty above all else
RSAC Cybersecurity is national security, says Jen Easterly
Spotlight on RSAC30 Apr 2025 | 11
Homeland Security boss says CISA has gone off the rails, vows to set it right
RSAC Kirsty Noem argues cyber-agency's job is defending America, not becoming 'Ministry of Truth'
Spotlight on RSAC30 Apr 2025 | 27
Infosec pros tell Trump to quit bullying Chris Krebs – it's undermining security
Top voices warn that political retaliation puts democracy and national defense at risk
Security29 Apr 2025 | 70
Admission impossible: NSA, CISA brass absent from RSA Conf
RSAC Homeland Security boss Noem added as last-minute keynote, mind you
Spotlight on RSAC28 Apr 2025 | 11
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member
What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future
CSO25 Apr 2025 | 17
America's cyber defenses are being dismantled from the inside
Opinion The CVE system nearly dying shows that someone has lost the plot
CSO23 Apr 2025 | 93
Two CISA officials jump ship, both proud of pushing for Secure by Design software
As cyber-agency faces cuts, makes noises about switching up program
Public Sector22 Apr 2025 | 11
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter
Some in the infosec world definitely want to see Big Red crucified
CSO18 Apr 2025 | 6
Biting the hand that feeds IT
